UPDATE: Andrej from Noovo writes in the comments below that they have modified Noovo’s UI flow so that the selection of contacts for invitation to their service is now more clearly defined. Thankfully, this post is now history and lessons learned.
I thought about sending this feedback directly to Noovo but it’s important to warn others and also have a place to point all the people who have received Noovo’s auto-invite and replied back to me, “is this real?” If and when Noovo modifies their sign-up flow to address the concerns I’ve outlined below, I will happily update this post.
When I sign up to test out new service, I take care to not let the service email my contacts with spammy invites. Yesterday they got me and I ended up inviting all my friends to a service I was only testing out, embarrassing me and turning me off from spending more time with the service to figure it out. Crafty placement and defaults were to blame.
The first thing Noovo does is ask you for your Facebook credentials. There’s small text in the upper right corner says “skip” – most wouldn’t notice this making it seem like handing over your Facebook account is a requirement.
Next they present the standard, “Login with your favorite service to see if your friends are already using us” screen. There is even some text at the bottom, We do not store your login details nor do we use them for any other purpose than to retrieve your contacts.
This is the real sneaky one. I’ve already fallen into this trap so I can’t show you what the screen looked like before (the above is from a second account) but imagine this. I logged in with my Gmail credentials, was redirected to a page on google.com confirming that I was giving one-time access to Noovo to read my contacts file.
I then got a version of the screen you see above that had 10 or so contacts in the blue portion, these are people already registered on Noovo that I could connect to. But, because I had several lines of people already on the service, it completely hid the contacts that were not on the service and were checked by default to be sent and invitation to the service once I clicked “Next”
Two things.
a. Noovo never said they would use my credentials to send out invitations, just to retrieve contacts.
b. By hiding the list of invited contacts checked off below the screen, there is no way I would know unless I saw the scroll bar on the right of the screen.
4. The email invite was a real work of social engineering as well. Please respond or ian kennedy may think you said No. I would have deleted my account off of Noovo but I don’t want people accepting my invite only to find that I’m not there. Laying the guilt trip on me and my friends is not the way to entice people to join your site.
Way to make my days guys. I’ve been spending all afternoon explaining to everyone what happened.
Wow. Amazing story. Weird name. I'll avoid that, thanks.
Please respond or ian kennedy may think you said No. This was the bit that smelled funky. My first thought was that it was some mistranslated Finnish. But no, just the work of dishonest people. Make haste to the deadpool, Noovo.
Wow, that's pretty dirty. Bet it took a while to wash that grime off afterward. *shudder*
That this service was smarmy enough to fool even someone like you who is very experienced with social software (ran a social software service!) then it's clear that they are abusing their users and the networks of their users.<br />
<br />
I personally would never use this service and will actively dissuade people from using this service. You should not give them a second chance. They certainly do not deserve one.
Tagged did the same strategy.
Apologies to those who got confused by this feature. The purpose was not to deceive users and spamming their contacts but rather the contrary / helping them import their contacts for friendlier content sharing. We were and still are experimenting with the sign up process (copied the workflow form existing services) and take your feedback very seriously. I disagree with parts of your critics (it is not true that the contacts are hidden below the fold – tested at 1024×768 resolution) and in fact, out of thousands of users who signed up during those days just few users sent invites to all of their contacts like Ian did. Hope you'll come back at a later stage when we improve the sign up process and try using our recommendation engine.
Hi Andrej, I had a large amount of contacts in my Google account and because they were matched up in the invite flow, the blue portion of the invitation pushed the checked contacts down below the fold on my laptop (which is running at 1024 x 768). Anyway, it's a mistake to check these invites "on" as a default. Adding a "check all" is cool but just don't have them checked by default.
Part of my job is investigating new social networks so I sign up for a lot of them just to check them out. I usually don't give out my password but the site lead me to believe that it was only going to use it to see which users already in my contacts are already using Noovo. Once I discovered what had happened, I changed my password.
Hi Ian, we immediately changed the sign-up process to make the distinction between the two more transparent and obvious for every user. Andrej
Jason, we do not store passwords but use OAuth through standard API to connect to Gmail and other web email providers. Andrej
You missed the most important part: what is Noovo and why did you give it at least one of your important passwords? (Assuming you consider your webmail password “important”) Was it worth the loss of your password?
Thanks Andrej, I've updated the post to reflect your modification. Thank you for listening.